Reports on the Xbox forums this week indicated that Xbox Live users were being targeted in a security scam by phishers, criminals who attempt to fraudulently acquire sensitive information from individuals such as usernames, passwords and credit card details. Microsoft has confirmed the validity of these reports, telling Next-Gen that it has “taken action to help protect our subscribers’ accounts”.
A number of Xbox Live users have been receiving emails, supposedly from Xbox Support, informing them that Microsoft has made changes to all Xbox Live accounts. The emails redirect users to a replication of Microsoft’s Passport login page where they are asked to enter sensitive information which can be hijacked by phishers. According to Microsoft, it is all over this security threat. It says it is retraining staff on the ins and outs of phishing, will reimburse any users that have had their accounts tampered with, and has offered some advice to Xbox Live users.
In an email to Next-Gen the platform holder said:
“Microsoft has confirmed reports of certain individuals taking over subscribers’ Xbox LIVE accounts through fraudulent behavior. We’ve taken action to help protect our subscribers’ accounts and are working with our call center staff to help reduce the likelihood of future incidents.
• Retraining all customer support representatives.
• Examining the policies and processes for account recovery.
• Continuing to monitor the situation closely to take appropriate action as necessary.
In addition to these steps, we continue to recommend that our customers always be careful with whom they share information while connected to Xbox LIVE. We will reimburse any customer whose account has been compromised in this fashion. If they have lost content such as Xbox Live Arcade games, we will provide the customer with replacement content at no charge.
This was not a failure of software technology. We want to reassure our customers that there has been no security breach of the Xbox LIVE network or of Bungie.net. Customers who have any concerns about their account should visit www.xbox.com/support, click on the link titled “Troubleshooting Access to your Xbox Live Account,” and perform the steps outlined there.”Microsoft, Xbox, Xbox 360, Xbox Live, Live Arcade, XBLA, Phishing